Chapter 23. Event Logging, Services, and Process Monitoring with PowerShell

IN THIS CHAPTER

  • Controlling services and their settings

  • Monitoring processes

  • Interrogating the event logs

It is important for any shell to allow a system administrator to manage the programs running a system. These may be normal user mode processes or they may be services which run in the background. This chapter looks at the tools PowerShell provides for managing both of these events as well as examining the information the programs record in the event log.

Working with Services

Microsoft environments have had command-line tools for managing network services since the days of DOS and MS-NET, and the NET.EXE command still provides much of the same functionality as it did back then: Net Start, Net Stop, Net Share, and Net Use commands from 20 years ago have remained constant through the change to OS/2 LAN Manager, Windows NT, and Server 2000, 2003, and 2008 and as the client has changed from DOS/Windows to Windows NT–based, including Windows XP and Windows Vista. The command has evolved to take on the ability to manage accounts and groups and to pause and resume services as well as simply starting and stopping them.

The Net Start command returns a list of running services; as a traditional text-based command, it can be run in PowerShell and have its output piped into something. For example, the following command checks which services containing "Windows" in their name are running on a Windows Vista Ultimate computer: ...

Get Microsoft® PowerShell, VBScript and JScript® Bible now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial